Get Activities (All) - Cloud Security API

{"type":"api","title":"Get Activities (All)","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/d2a1854d5c0ed9069a7f0bc54a9b813f3075ddc9/d1093732-2fd9-3760-ac85-83910c4b7111","info":{"title":"Cisco Secure Access Reporting API","description":"The Reporting API provides the data to generate the Secure Access reports.","version":"2.0.1","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Activity"},{"name":"Top Identities"},{"name":"Identity Distribution"},{"name":"Top Resources"},{"name":"Top Destinations"},{"name":"Top Categories"},{"name":"Top Event Types"},{"name":"Top DNS Query Types"},{"name":"Organization Requests by Hour"},{"name":"Organization Requests by Timerange"},{"name":"Organization Requests by Hour and Category"},{"name":"Organization Requests by Timerange and Category"},{"name":"Deployment Status"},{"name":"Bandwidth by Hour"},{"name":"Bandwidth by Timerange"},{"name":"Top Files"},{"name":"Total Requests"},{"name":"Top Threats"},{"name":"Top Threat Types"},{"name":"Utility"},{"name":"Top IPs"},{"name":"Summary"},{"name":"Summaries by Category"},{"name":"Summaries by Destination"},{"name":"Summaries by Rule"},{"name":"Remote Access"},{"name":"Private Resource"},{"name":"Requests Resource Connector"},{"name":"Requests Summary Resource Connector Groups"},{"name":"Resource Connectors"},{"name":"Rules Activity"},{"name":"Unique Resources"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/reports/reporting-overview.md","uri":"secure-access-api-reference-reporting-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"reports/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"client credential flow","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"reports.granularEvents:read":"Read reports granular events","reports.utilities:read":"Read reports utilities","reports.aggregations:read":"Read reports aggregations","reports.summariesByRule:read":"Read reports for the summaries of the rule","reports.privateResources:read":"Read reports for the private resources"}}}}}},"spec":{"tags":["Activity","Secure Access"],"summary":"Get Activities (All)","description":"List all activities (dns/proxy/firewall/ip/intrusion/ztna/decryption) within the timeframe.\n**Note:** The IP activity report is not available.\n\n**Access Scope:** Reports \u003e Aggregations \u003e Read-Only","operationId":"getActivities","security":[{"oauthFlow":["reports.aggregations:read"]}],"parameters":[{"name":"from","in":"query","description":"A timestamp or relative time string (for example: '-1days').\nFilter for data that appears after this time.","required":true,"schema":{"type":"string"},"example":"1639146300000","$$ref":"#/components/parameters/fromParam"},{"name":"to","in":"query","description":"A timestamp or relative time string (for example: 'now').\nFilter for data that appears before this time.","required":true,"schema":{"type":"string"},"example":"1640010300000","$$ref":"#/components/parameters/toParam"},{"name":"offset","in":"query","description":"A number that represents an index in the collection.","schema":{"type":"number","default":0},"example":0,"$$ref":"#/components/parameters/offsetParam"},{"name":"limit","in":"query","description":"The maximum number of records to return from the collection.","required":true,"schema":{"type":"number","default":100},"example":100,"$$ref":"#/components/parameters/limitParam"},{"name":"domains","in":"query","description":"A domain name or comma-delimited list of domain name.","schema":{"type":"string"},"example":"cisco.com,nasa.gov","$$ref":"#/components/parameters/domainsParam"},{"name":"urls","in":"query","description":"A URL or comma-delimited list of URL.","schema":{"type":"string"},"example":"https://google.com,facebook.com/help","$$ref":"#/components/parameters/urlsParam"},{"name":"categories","in":"query","description":"A category ID or comma-delimited list of category ID.","schema":{"type":"string"},"example":"148,151,66","$$ref":"#/components/parameters/categoriesParam"},{"name":"policycategories","in":"query","description":"A category ID or comma-delimited list of category ID.\nFilter the request by the categories that trigger a policy.","schema":{"type":"string"},"example":"67,69","$$ref":"#/components/parameters/policyCategoriesParam"},{"name":"ip","in":"query","description":"An IP address.","schema":{"type":"string"},"example":"10.10.10.10","$$ref":"#/components/parameters/ipParam"},{"name":"ports","in":"query","description":"A port number or comma-delimited list of port numbers.","schema":{"type":"string"},"example":"7351,80","$$ref":"#/components/parameters/portsParam"},{"name":"identityids","in":"query","description":"An identity ID or comma-delimited list of identity IDs.","schema":{"type":"string"},"example":"1,2,3","$$ref":"#/components/parameters/identityIdsParam"},{"name":"identitytypes","in":"query","description":"An identity type or comma-delimited list of identity types.","schema":{"type":"string"},"example":"network,roaming","$$ref":"#/components/parameters/identityTypesParam"},{"name":"applicationid","in":"query","description":"The ID of the application.","schema":{"type":"string"},"example":"1","$$ref":"#/components/parameters/applicationIdParam"},{"name":"verdict","in":"query","description":"A string or comma-delimited string that describes whether the traffic can reach the destination.","schema":{"type":"string"},"example":"allowed,blocked","$$ref":"#/components/parameters/verdictParam"},{"name":"ruleid","in":"query","description":"The firewall policy rule ID.","schema":{"type":"number"},"example":1,"$$ref":"#/components/parameters/ruleIdParam"},{"name":"filename","in":"query","description":"A string that identifies a filename. Filter the request by the filename.\nSupports globbing or use of the wildcard character ('*'). The asterisk (*) matches\nzero or more occurrences of any character.","schema":{"type":"string"},"example":"myfilename_*","$$ref":"#/components/parameters/filenameParam"},{"name":"securityoverridden","in":"query","description":"Specify whether to filter on requests that override security.","schema":{"type":"boolean"},"example":true,"$$ref":"#/components/parameters/securityOverriddenParam"},{"name":"bundleid","in":"query","description":"A proxy bundle ID.","schema":{"type":"number"},"example":1,"$$ref":"#/components/parameters/bundleIdParam"},{"name":"threats","in":"query","description":"A threat name or comma-delimited list of threat names.","schema":{"type":"string"},"$$ref":"#/components/parameters/threatsParam"},{"name":"threattypes","in":"query","description":"A threat type or comma-delimited list of threat types.","schema":{"type":"string"},"$$ref":"#/components/parameters/threatTypesParam"},{"name":"ampdisposition","in":"query","description":"An AMP disposition string or a comma-delimited list of AMP disposition strings.","schema":{"type":"string"},"example":"clean,malicious,unknown","$$ref":"#/components/parameters/ampDispositionParam"},{"name":"antivirusthreats","in":"query","description":"A threat name or comma-delimited list of threat names.","schema":{"type":"string"},"example":"Trojan.Linux.Generic.144075","$$ref":"#/components/parameters/antivirusThreatsParam"},{"name":"x-traffic-type","in":"header","description":"A string or comma-delimited list of strings that describes the type of traffic.\nIf the header is not set, the default value is `all`. Valid values are: `dns`, `proxy`, `firewall`, and `ip`.","schema":{"type":"string"},"example":"dns,proxy,firewall,ip","$$ref":"#/components/parameters/xTrafficTypeParam"},{"name":"isolatedstate","in":"query","description":"A string that describes the remote browser isolation (RBI) isolation type.","schema":{"type":"string","enum":["isolated","not-isolated"]},"example":"isolated","$$ref":"#/components/parameters/isolatedStateParam"},{"name":"isolatedFileAction","in":"query","description":"A string that describes the remote browser isolation (RBI) file action type.","schema":{"type":"string","enum":["viewed","downloaded-original-file","downloaded-safe-pdf"]},"example":"downloaded-safe-pdf","$$ref":"#/components/parameters/isolatedFileActionParam"},{"name":"datalosspreventionstate","in":"query","description":"A string that describes the status of a destination.\nFilter for requests that are blocked by the DLP layer security.","schema":{"type":"string","enum":["blocked"]},"example":"blocked","$$ref":"#/components/parameters/dataLossPreventionStateParam"},{"name":"filternoisydomains","in":"query","description":"Filter out domains that generate a lot of insignificant traffic (noise).","schema":{"type":"boolean"},"example":true,"$$ref":"#/components/parameters/filterNoisyDomainsParam"},{"name":"httperrors","in":"query","description":"Filter data for requests that resulted in a TLS error or a certificate error.","schema":{"type":"string","enum":["certificateerror","tlserror"]},"example":"certificateerror","$$ref":"#/components/parameters/httpErrorsParam"},{"name":"exists","in":"query","description":"Specify an attribute or comma-separated list of attributes to filter the data.\nValid values are: `categories`, `policycategories`, `applicationid`,\n`nbarapplicationid`, `nbarapplicationtypeids`, `privateapplicationid`, `applicationgroupids`,\n`sha256`, `filename`, `threats`, `threattypes`, `antivirusthreats`, `destinationlistids`, and `httperrors`.","schema":{"type":"string"},"example":"destinationlistids,threattypes","$$ref":"#/components/parameters/existsParam"},{"name":"timezone","in":"query","description":"Display the timestamp of the traffic events in the specified timezone.\nFor the timezone, provide a continent and city separated by an url-encoded forward slash ('/'), for example: timezone='ASIA%2fCALCUTTA'.","schema":{"type":"string"},"example":"ASIA%2fCALCUTTA","$$ref":"#/components/parameters/timezoneParam"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"array","items":{"anyOf":[{"type":"object","description":"The information about the DNS activity.","properties":{"externalip":{"type":"string","description":"The external IP for the entry."},"internalip":{"type":"string","description":"The internal IP for the entry."},"policycategories":{"type":"array","description":"The list of the policy categories.","items":{"type":"object","description":"The properties of the category.","properties":{"id":{"type":"number","description":"The ID of the category."},"label":{"type":"string","description":"The descriptive label for the category."},"type":{"type":"string","description":"The type of the category."},"integration":{"type":"boolean","description":"Specifies whether the category is an integration.","example":true},"deprecated":{"type":"boolean","description":"Specifies whether the category is a legacy category.","example":true}},"$$ref":"#/components/schemas/Category"}},"categories":{"type":"array","description":"The list of categories.","items":{"type":"object","description":"The properties of the category.","properties":{"id":{"type":"number","description":"The ID of the category."},"label":{"type":"string","description":"The descriptive label for the category."},"type":{"type":"string","description":"The type of the category."},"integration":{"type":"boolean","description":"Specifies whether the category is an integration.","example":true},"deprecated":{"type":"boolean","description":"Specifies whether the category is a legacy category.","example":true}},"$$ref":"#/components/schemas/Category"},"$$ref":"#/components/schemas/categories"},"verdict":{"type":"string","description":"The verdict for the entry.","enum":["allowed","blocked"],"example":"allowed","$$ref":"#/components/schemas/verdict"},"domain":{"type":"string","description":"The domain name for the entry."},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"},"allapplications":{"type":"array","description":"The list of all applications for the entry.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"}},"threats":{"type":"array","description":"The list of threats for the entry.","items":{"type":"object","description":"The information about the threat.","properties":{"label":{"type":"string","description":"The descriptive label for the threat name."},"type":{"type":"string","description":"The type of the threat."}},"$$ref":"#/components/schemas/Threat"}},"type":{"type":"string","description":"The type of the request. A DNS request always has the type dns.","enum":["dns"],"example":"dns"},"querytype":{"type":"string","description":"The type of the DNS request."},"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"returncode":{"type":"number","description":"The DNS return code for this request."},"allowedapplications":{"type":"array","description":"The list of allowed applications.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"}},"blockedapplications":{"type":"array","description":"The list of blocked applications.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"}}},"required":["allapplications","allowedapplications","blockedapplications","categories","date","domain","externalip","identities","internalip","policycategories","querytype","returncode","threats","time","timestamp","type","verdict"],"example":{"externalip":"52.8.160.247","internalip":"52.8.160.247","policycategories":[{"id":66,"label":"Malware","type":"security","integration":true}],"categories":[{"id":66,"label":"Malware","type":"security","integration":true}],"verdict":"allowed","domain":"google.com","timestamp":1548311506000,"time":"06:31:46","date":"2019-01-24","identities":[{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":true}],"threats":[{"label":"Wannacry","type":"Ransomware"}],"allapplications":[{"id":1,"label":"label","type":"NBAR","category":{"id":1,"label":"category"}}],"allowedapplications":[{"id":1,"label":"label","type":"NBAR","category":{"id":1,"label":"category"}}],"querytype":"MX","returncode":2,"blockedapplications":[],"type":"dns"},"$$ref":"#/components/schemas/ActivityDns"},{"type":"object","description":"The information about the firewall activity.","properties":{"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"destinationip":{"type":"string","description":"The destination IP for the entry.","example":"12.10.10.10","$$ref":"#/components/schemas/DestinationIp"},"sourceip":{"type":"string","description":"The source IP for the entry.","example":"10.11.10.10","$$ref":"#/components/schemas/SourceIp"},"sourceport":{"type":"number","description":"The source port for the entry.","example":3000,"$$ref":"#/components/schemas/SourcePort"},"destinationport":{"type":"number","description":"The destination port for entry.","example":89,"$$ref":"#/components/schemas/DestinationPort"},"categories":{"type":"array","description":"The list of categories.","items":{"type":"object","description":"The properties of the category.","properties":{"id":{"type":"number","description":"The ID of the category."},"label":{"type":"string","description":"The descriptive label for the category."},"type":{"type":"string","description":"The type of the category."},"integration":{"type":"boolean","description":"Specifies whether the category is an integration.","example":true},"deprecated":{"type":"boolean","description":"Specifies whether the category is a legacy category.","example":true}},"$$ref":"#/components/schemas/Category"},"$$ref":"#/components/schemas/categories"},"verdict":{"type":"string","description":"The verdict for the entry.","enum":["allowed","blocked"],"example":"allowed","$$ref":"#/components/schemas/verdict"},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"},"protocol":{"type":"object","description":"The properties of the protocol.","properties":{"id":{"type":"number","description":"The ID of protocol."},"label":{"type":"string","description":"The name of the protocol."}},"required":["id","label"],"$$ref":"#/components/schemas/Protocol"},"rule":{"type":"object","description":"The properties of the firewall rule.","properties":{"id":{"type":"number","description":"The ID of the rule."},"label":{"type":"string","description":"The name of the rule."},"privateapplicationgroup":{"type":"object","description":"The private application group.","properties":{"id":{"nullable":true,"type":"number","description":"The ID of application group."},"label":{"nullable":true,"type":"string","description":"The name of the application group."}},"$$ref":"#/components/schemas/PrivateApplicationGroup"}},"required":["id","label"],"$$ref":"#/components/schemas/Rule"},"type":{"type":"string","description":"The type of the request. A firewall request always has type firewall.","example":"firewall"},"allapplications":{"type":"array","description":"The list of applications for the entry.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"},"$$ref":"#/components/schemas/allapplications"},"applicationprotocols":{"type":"array","description":"A list of firewall application protocols.","items":{"type":"object","description":"The information about the applications managed by the firewall.","properties":{"id":{"type":"number","description":"The ID of the application or protocol."},"label":{"type":"string","description":"The descriptive label for the application or protocol."},"app":{"type":"string","description":"The information about the app type.","example":"IT Service Management (string) - application/protocol type"}},"$$ref":"#/components/schemas/FirewallApplication"}},"direction":{"type":"string","description":"The direction of the packet. It is destined either towards the internet or to the customer's network."},"packetsize":{"type":"number","description":"The size of the packet that was received."}},"required":["allapplications","applicationprotocols","date","destinationip","destinationport","direction","identities","packetsize","protocol","rule","sourceip","sourceport","time","timestamp","type","verdict"],"example":{"date":"","destinationip":"52.8.160.247","sourceip":"192.168.0.1","sourceport":0,"destinationport":0,"direction":"toward","categories":[{"id":66,"label":"Malware","type":"security","integration":true}],"verdict":"allowed","time":"12:34","timestamp":1548311506000,"packetsize":32,"identities":[{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false}],"protocol":{"id":17,"label":"UDP"},"rule":{"id":1,"label":"Default Rule"},"type":"firewall","allapplications":[{"id":72,"label":"dns IT Service Management","app":""}],"applicationprotocols":[{"id":72,"label":"dns IT Service Management","app":""}]},"$$ref":"#/components/schemas/ActivityFirewall"},{"type":"object","description":"The information about the intrusion activity.","properties":{"classification":{"type":"string","description":"The category of attack detected by a rule that is part of a more general type of attack class, such as trojan-activity, attempted-user, and unknown.","example":"trojan-activity","$$ref":"#/components/schemas/Classification"},"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"destinationip":{"type":"string","description":"The destination IP for the entry.","example":"12.10.10.10","$$ref":"#/components/schemas/DestinationIp"},"destinationport":{"type":"number","description":"The destination port for entry.","example":89,"$$ref":"#/components/schemas/DestinationPort"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"},"protocol":{"type":"object","description":"The properties of the protocol.","properties":{"id":{"type":"number","description":"The ID of protocol."},"label":{"type":"string","description":"The name of the protocol."}},"required":["id","label"],"$$ref":"#/components/schemas/Protocol"},"sessionid":{"type":"number","description":"The unique identifier of a session, which is used to group the correlated events between various services.","example":7878797,"$$ref":"#/components/schemas/SessionId"},"severity":{"type":"string","description":"The severity level of the rule.","enum":["HIGH","MEDIUM","LOW","VERY LOW"],"example":"HIGH","$$ref":"#/components/schemas/Severity"},"signature":{"type":"object","description":"The properties of the signature.","properties":{"generatorid":{"type":"number","description":"The unique ID that is assigned to the part of the IPS, which generated the event."},"id":{"type":"number","description":"The ID that is used to uniquely identify signatures."},"label":{"type":"string","description":"A descriptive label for the the signature."},"cves":{"type":"array","description":"The list of common vulnerabilites and exposures (CVEs).","items":{"type":"string","description":"An identifier for a known security vulnerability/exposure.","example":"cve-2015-0279","$$ref":"#/components/schemas/CVE"}}},"required":["generatorid","id","label","cves"],"example":{"generatorid":148,"id":2,"label":"(cip) CIP data is non-conforming to ODVA standard","cves":["cve-2015-0279"]},"$$ref":"#/components/schemas/Signature"},"signaturelist":{"type":"object","description":"The properties of the signature list.","properties":{"id":{"type":"number","description":"The unique ID assigned to a default or custom signature list."}},"required":["id"],"example":{"id":1112},"$$ref":"#/components/schemas/SignatureList"},"sourceip":{"type":"string","description":"The source IP for the entry.","example":"10.11.10.10","$$ref":"#/components/schemas/SourceIp"},"sourceport":{"type":"number","description":"The source port for the entry.","example":3000,"$$ref":"#/components/schemas/SourcePort"},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"type":{"type":"string","description":"The type of the request. An intrusion request always has type intrusion.","example":"intrusion"},"verdict":{"type":"string","description":"The verdict for the entry.","enum":["detected"],"example":"detected","$$ref":"#/components/schemas/verdictDetected"}},"required":["classification","date","destinationip","destinationport","identities","protocol","sessionid","severity","signature","signaturelist","sourceip","sourceport","time","timestamp","type","verdict"],"example":{"type":"intrusion","date":"12-02-22","destinationip":"10.10.10.10","protocol":{"id":17,"label":"UDP"},"sourceip":"10.10.10.10","signaturelist":{"id":1111},"classification":"malicious","sourceport":22,"sessionid":190898098,"verdict":"detected","destinationport":33,"timestamp":1594557262000,"time":"09:30","identities":[{"id":211034846,"type":{"id":34,"type":"anyconnect","label":"Anyconnect Roaming Client"},"label":"omerta","deleted":false}],"severity":"HIGH","signature":{"generatorid":1,"id":47829,"label":"SERVER-OTHER JBoss Richfaces expression language injection attempt","cves":["cve-2015-0279","cve-2018-12532"]}},"$$ref":"#/components/schemas/ActivityIntrusion"},{"type":"object","description":"The activity of the proxy.","properties":{"externalip":{"type":"string","description":"The external IP for the entry."},"internalip":{"type":"string","description":"The internal IP for the entry."},"policycategories":{"type":"array","description":"The list of policy categories.","items":{"type":"object","description":"The properties of the category.","properties":{"id":{"type":"number","description":"The ID of the category."},"label":{"type":"string","description":"The descriptive label for the category."},"type":{"type":"string","description":"The type of the category."},"integration":{"type":"boolean","description":"Specifies whether the category is an integration.","example":true},"deprecated":{"type":"boolean","description":"Specifies whether the category is a legacy category.","example":true}},"$$ref":"#/components/schemas/Category"},"$$ref":"#/components/schemas/policycategories"},"categories":{"type":"array","description":"The list of categories.","items":{"type":"object","description":"The properties of the category.","properties":{"id":{"type":"number","description":"The ID of the category."},"label":{"type":"string","description":"The descriptive label for the category."},"type":{"type":"string","description":"The type of the category."},"integration":{"type":"boolean","description":"Specifies whether the category is an integration.","example":true},"deprecated":{"type":"boolean","description":"Specifies whether the category is a legacy category.","example":true}},"$$ref":"#/components/schemas/Category"},"$$ref":"#/components/schemas/categories"},"verdict":{"type":"string","description":"The verdict for the entry.","enum":["allowed","blocked"],"example":"allowed","$$ref":"#/components/schemas/verdict"},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"},"allapplications":{"type":"array","description":"The list of applications for the entry.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"},"$$ref":"#/components/schemas/allapplications"},"allowedapplications":{"type":"array","description":"The list of allowed applications for the entry.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"}},"blockedapplications":{"type":"array","description":"The list of blocked applications for the entry.","items":{"type":"object","description":"The information about the application.","properties":{"id":{"type":"number","description":"The ID of the application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application: NBAR or AVC.","enum":["NBAR","AVC"],"example":"AVC"},"category":{"type":"object","description":"The category of the application.","properties":{"id":{"type":"number","description":"The ID of the application category."},"label":{"type":"string","description":"The label of the application category."}}}},"example":{"id":1,"label":"malware","type":"AVC","category":{"id":2,"label":"Education"}},"$$ref":"#/components/schemas/Application"}},"responsefilename":{"type":"string","description":"The response filename for the entry."},"blockedfiletype":{"type":"string","description":"The blocked file type for the entry."},"bundleid":{"type":"number","description":"The ID of the bundle type."},"amp":{"type":"object","description":"The properties of the AMP disposition and score for the malware.","properties":{"score":{"type":"number","description":"The AMP score."},"disposition":{"type":"string","description":"The AMP disposition."},"malware":{"type":"string","description":"The AMP malware."}},"required":["disposition","malware","score"],"$$ref":"#/components/schemas/CiscoAMP"},"type":{"type":"string","description":"The type of the request. A proxy request is always of type 'proxy'."},"tenantcontrols":{"type":"boolean","description":"Specifies whether the request is part of a tenant control policy."},"port":{"type":"number","description":"The port used to make the request.","nullable":true},"antivirusthreats":{"type":"object","description":"The information about the antivirus threats.","properties":{"puas":{"type":"array","description":"The list of potentially unwanted applications.","items":{"type":"object"}},"viruses":{"type":"array","description":"The list of viruses.","items":{"type":"string"}},"others":{"type":"array","description":"The list of other antivirus threats.","items":{"type":"object"}}},"required":["others","puas","viruses"],"$$ref":"#/components/schemas/AntivirusThreats"},"policy":{"type":"object","description":"The properties of the internet access rules in the Access policy.","required":["destinationlistids","ruleid","rulesetid","timebasedrule"],"properties":{"timebasedrule":{"type":"boolean","description":"Specify whether the policy triggered a time-of-day rule."},"destinationlistids":{"type":"array","description":"The list of destination lists that the rules triggered.","items":{"type":"number"}},"ruleid":{"type":"number","description":"The ID of the rule in the policy.","nullable":true},"rulesetid":{"type":"number","description":"The ID of the ruleset in the policy.","nullable":true}},"$$ref":"#/components/schemas/Policy"},"requestmethod":{"type":"string","description":"The HTTP request method.","example":"GET"},"responsesize":{"type":"number","description":"The response size in bytes."},"requestsize":{"type":"number","description":"The response size in bytes."},"statuscode":{"type":"number","description":"The HTTP status code (`200` or `201`).","enum":[200,201],"example":200},"useragent":{"type":"string","description":"The name of the browser that made the request."},"referer":{"type":"string","description":"The referring domain or URL."},"warnstatus":{"type":"string","description":"The warning status."},"sha256":{"type":"string","description":"The hex digest of the response content."},"isolated":{"type":"object","description":"The properties of the isolated file.","properties":{"state":{"type":"string","description":"The state of the isolated file."},"fileaction":{"type":"string","description":"The action taken for the file."}},"required":["state","fileaction"],"example":{"state":"not-isolated","fileaction":""},"$$ref":"#/components/schemas/Isolated"},"datalossprevention":{"type":"object","description":"The information about the Data Loss Prevention state.","properties":{"state":{"type":"string","description":"Indicates the status of the DLP. The state is either `blocked` or the empty string (` `).","enum":["blocked",""]}},"required":["state"],"example":{"state":"blocked"},"$$ref":"#/components/schemas/DataLossPreventionState"},"securityoverridden":{"type":"boolean","description":"Specifies whether security overrides are configured."},"contenttype":{"type":"string","description":"The type of web content, typically text/html.","example":"text/html"},"forwardingmethod":{"type":"string","description":"The request method (GET, POST, HEAD, etc.)","example":"GET"},"httperrors":{"type":"array","items":{"type":"object","description":"The properties of the HTTP error.","properties":{"type":{"type":"string","description":"The type of the error, either `CertificateError` or `TLSError`.","enum":["CertificateError","TLSError"]},"code":{"type":"number","description":"The HTTP error code."},"reason":{"type":"string","description":"The name of the error."},"attributes":{"type":"object","description":"The properties of the additional information for the error."}},"$$ref":"#/components/schemas/HttpError"},"description":"Certificate & TLS Errors"},"threats":{"type":"array","items":{"type":"object","description":"The information about the threat.","properties":{"label":{"type":"string","description":"The descriptive label for the threat name."},"type":{"type":"string","description":"The type of the threat."}},"$$ref":"#/components/schemas/Threat"}},"egress":{"type":"object","description":"The information about the egress IP.","properties":{"ip":{"type":"string","description":"The egress IP."},"type":{"type":"string","description":"The type of the egress IP.","example":"shared"}},"required":["ip","type"],"example":{"ip":"155.190.3.8","type":"shared"},"$$ref":"#/components/schemas/Egress"},"datacenter":{"type":"object","description":"The information about the data center.","properties":{"id":{"type":"string","description":"The unique ID for the data center."},"label":{"type":"string","description":"The name of the data center."}},"required":["id","label"],"example":{"id":"LAX","label":"Los Angeles, US"},"$$ref":"#/components/schemas/DataCenter"},"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"destinationip":{"type":"string","description":"The destination IP for the entry.","example":"12.10.10.10","$$ref":"#/components/schemas/DestinationIp"},"url":{"type":"string","description":"The URL that was requested."}},"required":["allapplications","allowedapplications","amp","antivirusthreats","blockedapplications","blockedfiletype","bundleid","categories","contenttype","datacenter","datalossprevention","date","destinationip","egress","externalip","forwardingmethod","httperrors","identities","internalip","isolated","policy","policycategories","port","referer","requestsize","responsefilename","responsesize","securityoverridden","sha256","statuscode","tenantcontrols","threats","time","timestamp","type","url","useragent","verdict","warnstatus"],"example":{"destinationip":"","externalip":"32.4.91.7","responsesize":3329530,"allapplications":[{"id":1313,"label":"Netflix","category":{"id":47,"label":"Media"}}],"date":"2022-02-18","datalossprevention":{"state":""},"antivirusthreats":{"puas":[],"viruses":[],"others":[]},"internalip":"192.168.1.43","referer":"","contenttype":"","tenantcontrols":false,"securityoverridden":false,"useragent":"","time":"23:29:42","amp":{"disposition":"","score":0,"malware":""},"policycategories":[],"type":"proxy","requestsize":1996,"port":443,"policy":{"ruleid":0,"rulesetid":0,"destinationlistids":[],"timebasedrule":false},"forwardingmethod":"","categories":[{"id":17,"type":"content","label":"Movies","integration":false,"deprecated":true}],"isolated":{"state":"not-isolated","fileaction":""},"statuscode":200,"egress":{"ip":"155.190.3.8","type":"shared"},"blockedfiletype":"","url":"https://ipv4-lax2-ix.1.oca.anothervideo.net","verdict":"allowed","responsefilename":"","warnstatus":"","sha256":"","timestamp":1645226982000,"blockedapplications":[],"allowedapplications":[],"identities":[{"id":1,"type":{"id":34,"type":"anyconnect","label":"Anyconnect Roaming Client"},"label":"Vincent's Macbook","deleted":false}],"datacenter":{"label":"Atlanta, US","id":"ATL"},"threats":[],"httperrors":[],"bundleid":3},"$$ref":"#/components/schemas/ActivityProxy"},{"type":"object","description":"The information about the Zero Trust Network Access (ZTNA) traffic in the Activity report.","properties":{"allapplications":{"type":"array","description":"The list of private applications that are connected through Zero Trust Access.","items":{"type":"object","description":"The properties of the private application.","properties":{"id":{"type":"integer","description":"The ID of the private application."},"label":{"type":"string","description":"The descriptive label for the application."},"type":{"type":"string","description":"The type of the application."},"category":{"type":"object","description":"The properties of the category for the application.","properties":{"id":{"type":"integer","description":"The ID of the category."},"label":{"type":"string","description":"The descriptive lable for the application category."}}}},"example":{"id":1,"label":"label","type":"NBAR","category":{"id":1,"label":"category"}}}},"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"destinationip":{"type":"string","description":"The resolved IP for Zero Trust Network Access (ZTNA) client-based events."},"clientfirewall":{"type":"string","description":"The type of the firewall that is used, either `SYS` or `NONE`.","enum":["SYS","NONE"]},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"type":{"type":"string","description":"The type of the request.","enum":["ztna","ztna-clientbased"],"example":"ztna"},"diskencryption":{"type":"string","description":"Type of the disk encryption, either `SYS`, `THIRDPARTY`, `NONE`.","enum":["SYS","THIRDPARTY","NONE"],"example":"NONE"},"antimalwareagents":{"type":"array","description":"The list of anti-malware agents.","items":{"type":"string","description":"A label for an anti-malware agent."}},"policy":{"type":"object","description":"The properties of the Zero Trust Network Access (ZTNA) access rule in the Access policy.","required":["ruleset","privateapplicationgroup"],"properties":{"ruleset":{"type":"object","description":"The set of rules on the policy.","properties":{"id":{"type":"number","description":"The ID of the ruleset."},"label":{"type":"string","description":"The descriptive label for the ruleset."},"rule":{"type":"object","description":"The properties of the firewall rule.","properties":{"id":{"type":"number","description":"The ID of the rule."},"label":{"type":"string","description":"The name of the rule."},"privateapplicationgroup":{"type":"object","description":"The private application group.","properties":{"id":{"nullable":true,"type":"number","description":"The ID of application group."},"label":{"nullable":true,"type":"string","description":"The name of the application group."}},"$$ref":"#/components/schemas/PrivateApplicationGroup"}},"required":["id","label"],"$$ref":"#/components/schemas/Rule"}},"$$ref":"#/components/schemas/Ruleset"},"privateapplicationgroup":{"type":"object","description":"The private application group.","properties":{"id":{"nullable":true,"type":"number","description":"The ID of application group."},"label":{"nullable":true,"type":"string","description":"The name of the application group."}},"$$ref":"#/components/schemas/PrivateApplicationGroup"}},"$$ref":"#/components/schemas/PolicyZTNA"},"systempassword":{"type":"string","description":"The system password.","example":"xxxxxxxxx"},"verdict":{"type":"string","description":"The verdict for entry.","enum":["allowed","blocked","warn"],"example":"warn"},"device":{"type":"object","description":"The properties of the device.","properties":{"ip":{"type":"string","description":"The client's IP address."},"os":{"type":"string","description":"The operating system for the device."},"browser":{"type":"string","description":"The type of the web browser."},"location":{"type":"string","description":"The geolocation of the device."}},"$$ref":"#/components/schemas/Device"},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"}},"required":["date","identities","time","timestamp","type","verdict","policy"],"example":{"allapplications":[],"date":"2020-07-12","clientfirewall":"NONE","time":"12:34:25","type":"ztna","diskencryption":"THIRDPARTY","antimalwareagents":["Malware Agent 1","Malware Agent 2"],"policy":{"ruleset":{"id":4567,"label":"DEFAULT","rule":{"id":431556,"label":"UNKNOWN"}},"privateapplicationgroup":{"id":7,"label":"DEFAULT"}},"systempassword":"7994471ABB01112AFCP","verdict":"blocked","device":{"ip":"1.1.1.1","os":"MACOS","browser":"Firefox","location":"Vancouver"},"timestamp":1594557265000,"identities":[{"id":36661999,"type":{"id":48,"type":"saml_user","label":"Users"},"label":"BAP user","deleted":false}]},"$$ref":"#/components/schemas/ActivityZTNA"},{"type":"object","description":"The information about the decrypted traffic in the Activity report.","properties":{"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"type":{"type":"string","description":"type of the request. Decryption"},"decryptAction":{"type":"string","description":"Type of decryption action (Decrypt Inbound, Decrypt Outbound, Do Not Decrypt, Decrypt Error)."},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"}},"required":["date","identities","time","timestamp","type","decryptAction"],"example":{"totalServerBytes":256,"destinationip":"208.67.222.222","decryptAction":"Decrypt Outbound","date":"2020-07-12","endtimestamp":1594557262000,"cipherSuite":"TLS_AES_256_SHA_384","protocol":"TCP/TLS","sourceip":"192.168.30.2","totalClientBytes":128,"time":"12:34:22","type":"decryption","protocolVersion":"TLS 1.2","endtime":"12:34:22","enddate":"2020-07-12","decryptActionReason":"DND Pinned Cert","decryptError":"Received fatal alert CertificateUnknown","sourceport":39200,"destinationport":53,"timestamp":1594557262000,"identities":[{"id":36661999,"type":{"id":48,"type":"saml_user","label":"Users"},"label":"BAP user","deleted":false}]},"$$ref":"#/components/schemas/ActivityDecryption"}]}},"meta":{"type":"object","description":"The properties of the metadata.","example":{},"$$ref":"#/components/schemas/Meta"}},"required":["data","meta"]},"example":{"meta":{},"data":[{"externalip":"52.8.160.247","internalip":"52.8.160.247","policycategories":[{"id":66,"label":"Malware","type":"security","integration":true}],"categories":[{"id":66,"label":"Malware","type":"security","integration":true}],"verdict":"allowed","domain":"google.com","timestamp":1731002169000,"time":"06:31:46","date":"2019-01-24","identities":[{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":true}],"threats":[{"label":"Wannacry","type":"Ransomware"}],"allapplications":[{"id":1,"label":"label","type":"NBAR","category":{"id":1,"label":"category"}}],"allowedapplications":[{"id":1,"label":"label","type":"NBAR","category":{"id":1,"label":"category"}}],"querytype":"MX","returncode":2,"blockedapplications":[],"type":"dns"}]}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}},"example":{"message":"Bad Request"}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}},"example":{"message":"Unauthorized"}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}},"example":{"message":"Forbidden"}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}},"example":{"message":"Not Found"}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}},"example":{"message":"Internal Server Error"}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"getActivities","method":"get","path":"/activity"}}